Internal Threats
Transcript
Hello participant, welcome to the last topic of week one. I am your instructor, Murrey Eddah. In this video, we will learn about internal threats, how to identify them and their consequences.
An internal threat refers to the risk emerging inside a company, government agency, or institution that affects its computer systems.
Internal threats can be caused by:
- Employee sabotage and theft of data and/or physical equipment
- Unauthorized access by employees to secure areas and administration functions
- Weak cybersecurity measures and unsafe practices
- Accidental loss or disclosure of data
- Damage to computer equipment from fire, flooding, power loss or terrorism
When it comes to the implementation of cybersecurity, humans are regarded as the weakest link. An insider threat is a person inside an institution who can exploit a system in a way that causes damage or steals data. A former or current employee or contractor with access to sensitive information or privileged accounts may be manipulated into orchestrating the damage or threat to a school. An insider threat can result in the following:
- Financial loss
- The ruined reputation of a school
- Loss of trust from parents and students
- Compromise of student and staff data
- Disclosure of the institution’s secrets
- Lawsuits from parents
The three types of insider threats in this topic are: the malicious insider (turncloak), the careless insider (pawn or mistake maker) and the mole (imposter).
A malicious insider is a person who intentionally misuses legitimate credentials or privileged access to steal information for personal or financial gain. An advantage a malicious insider has over external attackers is that they are familiar with the security guidelines and procedures present in the institution. This can be an employee, contractor or student.
A careless insider can be an employee or student who makes an honest mistake that exposes the system to an outside threat. This mostly results from phishing emails, leaving a device unlocked or writing down credentials on a paper lying around.
A mole is an outsider who has illegally managed to gain access to an institution’s or company’s network.
In most cases, a mole steals credentials belonging to an authorized user.
According to a study conducted by Ponemon Institute, the highest number of insider threats are a result of mistake makers or careless insiders through phishing schemes.
The common causes of insider threats are: an employee acting on the opportunity to use data for personal gain, or stealing and selling the data; disgruntled employees stealing and leaking data online to get back at their former employer for a perceived injustice; and negligence or lack of awareness from an employee, which is the most common cause of insider threats.
What are the indicators of a malicious insider threat? We can identify an insider threat through digital and behavioural warning signs. The digital warning signs are:
- Downloading or accessing substantial amounts of data
- Accessing sensitive data not associated with their job function
- Accessing data that is outside of their unique behavioural profile
- Multiple requests for access to resources not associated with their job function
- Using unauthorized storage devices (e.g. USB drives or floppy disks)
- Network searches for sensitive data
- Data hoarding, copying files from sensitive folders
- Emailing sensitive data outside the school
While the behavioural warning signs are:
- Attempting to bypass security, for example through tailgating
- Frequently in the school during off-hours
- Displaying disgruntled behaviour toward co-workers
- Violation of school guidelines
- Discussions of resigning or new opportunities
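The digital and behavioural warning signs above are the kind of indicators a school's monitoring tool or insider threat detection team would score over access logs. The following is an added example, not code from the course: it runs a few constructed activity records through simple rules for bulk downloads, access outside a user's job function, off-hours access to sensitive folders, unauthorized storage devices and sensitive data emailed outside. The log format, role-to-folder scope, byte threshold and school hours are all assumptions chosen for illustration.

```python
"""Added example (not from the course transcript): scoring constructed
user-activity records against the digital and behavioural warning signs.
The log format, roles, thresholds and school hours are assumptions."""
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (timestamp, user, role, event, target, bytes).
# Event kinds assumed here: "read", "copy_usb", "email_out".
SAMPLE_EVENTS = [
    ("2024-03-04T09:10:00", "alice", "teacher", "read", "/shared/lesson-plans/math.docx", 120_000),
    ("2024-03-04T22:45:00", "bob", "it-temp", "read", "/hr/staff-records.csv", 45_000_000),
    ("2024-03-04T22:50:00", "bob", "it-temp", "read", "/hr/payroll-2023.xlsx", 30_000_000),
    ("2024-03-04T23:05:00", "bob", "it-temp", "copy_usb", "/hr/staff-records.csv", 45_000_000),
    ("2024-03-05T10:15:00", "carol", "admin", "read", "/hr/staff-records.csv", 45_000_000),
    ("2024-03-05T11:00:00", "alice", "teacher", "email_out", "/students/health-records.xlsx", 2_000_000),
]

# Assumed mapping of roles to the folders their job function covers (deny by default).
ROLE_SCOPE = {
    "teacher": ("/shared/", "/students/"),
    "admin": ("/hr/", "/shared/", "/students/"),
    "it-temp": ("/it/",),
}
SENSITIVE_PREFIXES = ("/hr/", "/students/")
BULK_BYTES = 50_000_000   # assumed threshold for "substantial amounts of data"
OFF_HOURS = (7, 19)       # assumed school day: 07:00 to 19:00


def in_scope(role, path):
    """True if the path lies inside the folders assigned to the role."""
    return any(path.startswith(prefix) for prefix in ROLE_SCOPE.get(role, ()))


def is_sensitive(path):
    return path.startswith(SENSITIVE_PREFIXES)


def is_off_hours(timestamp):
    hour = datetime.fromisoformat(timestamp).hour
    return not (OFF_HOURS[0] <= hour < OFF_HOURS[1])


def flag_events(events):
    """Return {user: sorted list of warning-sign labels}; users with no findings are omitted."""
    findings = defaultdict(set)
    volume = defaultdict(int)   # cumulative bytes read per user
    for ts, user, role, event, target, size in events:
        if not in_scope(role, target):
            findings[user].add("access outside job function")
        if is_sensitive(target) and is_off_hours(ts):
            findings[user].add("sensitive access during off-hours")
        if event == "copy_usb":
            findings[user].add("unauthorized storage device")
        if event == "email_out" and is_sensitive(target):
            findings[user].add("sensitive data emailed outside")
        if event == "read":
            volume[user] += size
            if volume[user] >= BULK_BYTES:
                findings[user].add("bulk data download")
    return {user: sorted(signs) for user, signs in findings.items()}


if __name__ == "__main__":
    for user, signs in flag_events(SAMPLE_EVENTS).items():
        print(f"{user}: {', '.join(signs)}")
```

In the constructed data, the temporary IT account trips four rules at once while the administrator reading the same HR file during the day and within role scope trips none; a single indicator is weak evidence, and a detection team would normally escalate only when several digital signs coincide or line up with the behavioural signs above.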
Prevention is better than cure. The best way to prevent an internal threat incident from occurring is by a school or institution taking the approach to prevent attacks causing loss, detect attacks, respond to incidents and return to a secure state.
The school can take the following measures:
- Conduct thorough background checks on employees before hiring them
- Use the principle of least privilege where new accounts in the organization should have the least access permissions needed to perform a task.
- Document guidelines indicating the security procedures all students and staff should follow
- Implement a security monitoring tool in the network to track data access and the activities of all users and to identify privileged users misusing their rights. An example is Microsoft Network Monitor.
- Create an insider threat detection team that monitors behavioural activities of all users
- Educate and train students and staff on attack vectors such as phishing email and the dangers of breaching security guidelines
- Establish physical security in the school or institution. This may involve the implementation of biometrics in the server room or IT department
- Perform risk assessments by first identifying critical assets, possible vulnerabilities and threats that may affect them.
The following are case studies of cyber incidents that occurred in schools and prominent companies as a result of an insider threat:
- In the first incident, in 2018, a temporary IT worker in Chicago public schools was arrested and charged with stealing the personal data of 70,000 staff, volunteers and students. The employee stole data containing personally identifiable information, criminal histories, and records of individuals associated with the Department of Children and Family Services because he was fired.
- A high school teacher in Japan accidentally leaked private information on the school’s website. The data contained students’ names, health conditions and records. The teacher was uploading a notice to address parents and guardians on an upcoming swimming class when the incident occurred.
- Henry Park Primary School, in Singapore, accidentally sent personal data of over 1900 pupils to 1200 parents through email in an attached Microsoft Excel file. The document contained students’ and parents’ names, phone numbers and email addresses.
We have come to the end of week one. In week two, we will concentrate on data security. Thank you for your continued effort and participation.